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(1) Real Party in Interest 

The examiner has no comment on the statement, or lack of statement, identifying by 
name the real party in interest in the brief 

(2) Related Appeals and Interferences 

The following are the related appeals, interferences, and judicial proceedings known to 
the examiner which may be related to, directly affect or be directly affected by or have a bearing 
on the Board's decision in the pending appeal: 

Boards decision for the instant application, 09/426,442 decided on 5/29/2009. 

(3) Status of Claims 

The following is a list of claims that are rejected and pending in the application: 
1, 18-23,25-33,35-37 

(4) Status of Amendments After Final 

The examiner has no comment on the appellant's statement of the status of amendments 
after final rejection contained in the brief 

(5) Summary of Claimed Subject Matter 

The examiner has no comment on the summary of claimed subject matter contained in 
the brief 

(6) Grounds of Rejection to be Reviewed on Appeal 

The examiner has no comment on the appellant's statement of the grounds of rejection to 
be reviewed on appeal. Every ground of rejection set forth in the Office action from which the 
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appeal is taken (as modified by any advisory actions) is being maintained by the examiner except 
for the grounds of rejection (if any) listed under the subheading "WITHDRAWN 
REJECTIONS." New grounds of rejection (if any) are provided under the subheading "NEW 
GROUNDS OF REJECTION." 

WITHDRAWN REJECTIONS 

Rejection of claims 1, and 18-37 under U.S.C. § 101 is withdrawn. 



(7) Claims Appendix 

The examiner has no comment on the copy of the appealed claims contained in the 
Appendix to the appellant's brief 

(8) Evidence Relied Upon 

6,367,009 DAVIS 4-2002 

6,240,091 GINZBOORG 5-2001 

6,178,505 SCHNEIDER 1-2001 

6,023,765 KUHN 2-2000 

2001/0020242 GUPTA 9-2001 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 
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the claimed invention is directed to non-statutory subject matter. A process qualifies to be 
considered for patenting only if it (1) is implemented with a particular machine, that is, one 
specifically devised and adapted to carry out the process in a way that is not concededly 
conventional and is not trivial; or else (2) transforms an article from one thing or state to another. 
Claims 1, 27, and 37 are rejected because they do not contain any form of computer hardware. 
Inclusion of a Processor or other computer hardware consistent with the specification will 
overcome this rejection. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 19, 20, 24, 25-27, 29, 30, 34, 35, 36 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Davis US 6,367,009 in view of Schneider US 
6,178,505 in view of Kuhn US 6,023,765. 

As per claims 1, and 27, Davis discloses an MTS or middle tier server, verifying a users ID 
through a digital certificate submitted by the client, (authentication component), (Col 1 1 
lines 39-43). Davis also discloses the ETS or end tier server verifying the users ID through 
use of a digital certificate, (Col 13 lines 27-31). Davis teaches that the ETS uses access 
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control comprising a list of authorized users, (directory), (Col 13 lines 35-39). Davis 
discloses that if the user is not on the access control list, the system will restrict access, 
(access control system), (Col 13 lines 40-42). 

Schneider teaches a system in which a users are permitted access to at least one portion of 
a computer site. Schneider teaches a database (directory) of user accounts wherein the 
user is assigned a group and is allowed access to data said group is permitted to access. 
(Col 12 lines 10-33, 54-59). Schneider teaches a user account with an associated IP 
address or certificate authorization method (Col 23 lines 18-20, Col 1 1 lines 1-55). 
It would be obvious to one skilled in the art to modify the system of Davis with the user 
account access control of Schneider because ACL's do not provide the level of security 
and flexibility that user accounts do. 

Kuhn teaches using an access policy to provide tiered access for a plurality of security 
levels over different sets of users (Col 6 lines 35-60). 

It would have been obvious to one of ordinary skill in the art to use Kuhn with the 
previous combination because it allows the convenience and organization of the role 
based system of Schneider with the proven security improvements of security levels (Col 
5 lines 10-15). 



As per claim 19, 29, Schneider teaches that users are categorized into discrete sets 
granted access to a particular portion of the computer according to the access policy. 
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As per claim 20, 30, Schnieder teaches the system is configured to use information 
relating to the user to present tot the user personalized information. 

As per claims 24 and 34, Schneider teaches the account containing an IP address (Col 23 
lines 15-25). 

As per claims 25, and 35 Schneider teaches the system is configured to provide 
functionality to support the desired functionality of the users (Col 12 lines 20-40). 

As per claims 26, 36 Davis teaches that the certificate authorization is automated (no 
human is involved in the process) (Col 13 lines 15-25). 

Claims 21, 22, 31, 32, and 37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Davis US 6,367009 in view of Schneider US 6,178,505 in view 
of Kuhn US 6,023,765 in view of GUPTA US 2001/0020242. 

As per claims 21,22, 31, and 32, the previous combination teaches user groups but 
not specifically user preferences. 

Gupta teaches user preferences, and displaying new products or information related to 
the users field of interest based on those preferences [0062], [0064], [0075] 

It would have been obvious to one of ordinary skill in the art to use the 
preferences of Gupta with the previous system because it is more efficient to send the 
user tailored information, then send general information. 
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As per claim 37, 

Davis discloses an MTS or middle tier server, verifying a users ID through a digital 
certificate submitted by the client, (authentication component), (Col 1 1 lines 39-43). Davis 
also discloses the ETS or end tier server verifying the users ID through use of a digital 
certificate, (Col 13 lines 27-31). Davis teaches that the ETS uses access control comprising a 
list of authorized users, (directory), (Col 13 lines 35-39). Davis discloses that if the user is 
not on the access control list, the system will restrict access, (access control system), (Col 13 
lines 40-42). 

Schneider teaches a system in which a users are permitted access to at least one portion of 
a computer site. Schneider teaches a database (directory) of user accounts wherein the 
user is assigned a group and is allowed access to data said group is permitted to access. 
(Col 12 lines 10-33, 54-59). Schneider teaches a user account with an associated IP 
address or certificate authorization method (Col 23 lines 18-20, Col 1 1 lines 1-55) 
It would be obvious to one skilled in the art to modify the system of Davis with the user 
account access control of Schneider because ACL's do not provide the level of security 
and flexibility that user accounts do. 

Kuhn teaches using an access polict to provide tiered access for a plurality of security 
levels over different sets of users (Col 6 lines 35-60). 

It would have been obvious to one of ordinary skill in the art to use Kuhn with the 
previous combination because it allows the convenience and organization of the role 
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based system of Schneider with the proven security improvements of security levels (Col 
5 lines 10-15). 

Gupta teaches user preferences, and displaying new products or information related to 
the users field of interest based on those preferences [0062], [0064], [0075] 

It would have been obvious to one of ordinary skill in the art to use the 
preferences of Gupta with the previous system because it is more efficient to send the 
user tailored information, then send general information. 



Claims 18, 23, 28, 33 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Davis US 6,367,009 in view of Schneider US 6,178,505 in view of Kuhn US 6,023,765 
in view of Ginzboorg US 6,240,091. 

As per claims 18, 28 Davis does not teach a log system to record user actions in a computer 
site. 

Ginzboorg discloses by means of charging records, a log system to record user interaction 
with a computer site including a digital signature and timestamp for a transaction, (Col 8 
lines 22-26, Col 11 lines 17-21, Col 12 lines 24-28). 

It would have been obvious to one skilled in the art to modify the access policy of Davis 
with the recording system of Ginzboorg to provide the necessary data for billing purposes 
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As per claims 23, and 33, Ginzboorg teaches an archive including purchases made 
(Ginzboorg Col 9 lines 50-55). 

Conclusion 

(10) Response to Argument 
A) 

Appellant argues the USC 101 rejection. As stated above the USC 101 rejection is 
withdrawn. Examiner indicated to US Patent office it was OK TO ENTER the after- final 
amendment. 

B) 

As per claim 1, Appellant argues that Schneider does not teach "each account further 
containing .... an internet protocol (IP) address", much less an "IP address associated with the 
user". 

Appellant argues that Schneider does not teach an account containing a certificate 
authorization method associated with the user. 

Appellant specifies that Schneider teaches only that IP addresses may be included in 
access filters, but that these filters are not associated with individual users. Appellant argues that 
Schneider teaches a range of IP addresses for each user, and that this IP address is from a 
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session, not a user account. Appellant states that the Examiner, without support states that this 
range of IP addresses, associates an IP address for a user. Appellant also argues that Schneider 
does not teach a user account that an IP address could be associated with. Appellant argues that 
"user information sets" do not read on "account". Appellant asserts that Examiner's reasoning 
with regard to the relationship of IP addresses, groups, and users is false. 

Appellant further argues that Schneider does not teach a certificate authorization method 
associated with a user. Appellant asserts that certificate matching is associated at most with user 
groups, and not users. Appellant argues that matching does not suggest a certificate 
authorization method. 

II 

Examiner asserts that Schneider teaches all of the argued claim limitations. First, with 
regard to accounts. Schneider teaches that information included in a database may include 
identification information that identifies a user 313, Column 9 line 60. Schneider also teaches 
the information may define groups to which users belong. The information may include access 
rights in terms of user groups. The examiner interprets all information pertaining to a user to be 
"an account" It was well known to those of ordinary skill in the art that to access a resource a 
user must have an account with an ID. Although Schneider does not explicitly state "account", 
the examiner has interpreted the identity information stated as an account. For example, to log 
into a "user group" there must be an account that states that an individual user belongs to that 
group. 

Examiner asserts that Schneider does teach that each account contains at least one IP 
address associated with the user. As stated by the Appellant, Column 23 lines 15-20, and Figure 
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9 state " users are identified by IP addresses and they appear in the display as ranges of IP 
addresses" First, the Examiner interprets a "range" of IP addresses as having an IP address 
associated with the user. Instead of one IP address associated, there are many individual IP 
addresses associated with the user. The Examiner reads the term "associated" with the broadest 
reasonable interpretation. Since a user is in a group, and there are individual IP addresses in a 
range associated with users. Just because every user in the group may have the same range of IP 
addresses associated with them, does not make Schneider invalid for rejecting claim 1. 
Alternately, Schneider does not state what size the groups or ranges may be. A group may be 
classified as 1 person, and the range of IP addresses may also be restricted to 1 IP address. Thus 
Schneider does teach independent claim 1 . 

Schneider does teach that a certificate may ID a user and be used for authorization. The 
Examiner does not know what Appellant interprets as "certificate authorization method" but the 
Examiner has read the statement with the broadest reasonable interpretation. Schneider teaches 
that a certificate is user to identify an individual user (Col 1 1 lines 5-6). Schneider teaches that 
certificates are particularly trustworthy, indicating they authenticate the user is who they say they 
are (Col 1 1 line 4-5). Schneider teaches that the certificate is issued to a user name in the subject 
field (Col 1 1 lines 20-22). 

Furthermore, Schneider teaches that access is determined by identification of the user and 
the trust level associated with the request, (Col 18 lines 59-65). Schneider teaches that each 
group of users may use one or more techniques. Included in this group are IP address, and 
Certificate. (Col 19 lines 1-5, 19-20). Schneider teaches that that access filters consult the 
databases regarding users, and user groups to determine whether access should be granted. (Col 
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20 lines 10-34). It is possible a user may only be granted access if they use the appropriate trust 
level, such as a certificate. 

The Examiner asserts that since there is a user id, associated with a user and a user group 
in a database there is a user account. That there is an identification that must be used to allow a 
user to be granted access to resources and that an identification of a user may be an IP address or 
a certificate authorization. Thus Schneider teaches an account for a user containing at least one 
of an IP address and a certificate authorization method associated with the user. 

C) 

Appellant argues dependant claims 21, 22, 31, 32, and 37 are patentable based on 
independent claim allowability. 

Examiner refers to response to above argument B. 
D) 

Appellant argues that claims 18, 23, 28, and 33 are patentable based on their independent 
claim allowability 

Examiner refers to response to above argument B 



(11) Related Proceeding(s) Appendix 

Copies of the court or Board decision(s) identified in the Related Appeals and 
Interferences section of this examiner's answer are provided herein. 



Application/Control Number: 09/426,442 Page 14 

Art Unit: 2439 

For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted, 

/Christopher J Brown/ 

Primary Examiner, Art Unit 2439 



Conferees: 

/Michael J Simitoski/ 

Primary Examiner, Art Unit 2439 

/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



